python-keystoneclient: CVE-2013-2013: OpenStack keystone password disclosure on command line

Related Vulnerabilities: CVE-2013-2013  

Debian Bug report logs - #709535

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 23 May 2013 21:21:02 UTC

Severity: important

Tags: patch, security, upstream

Found in version python-keystoneclient/2012.1-3

Fixed in version python-keystoneclient/1:0.2.5-1

Done: Thomas Goirand <zigo@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>:
Bug#709535; Package python-keystoneclient. (Thu, 23 May 2013 21:21:06 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>. (Thu, 23 May 2013 21:21:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: python-keystoneclient: CVE-2013-2013: OpenStack keystone password disclosure on command line
Date: Thu, 23 May 2013 23:18:06 +0200
Package: python-keystoneclient
Version: 2012.1-3
Severity: important
Tags: security patch upstream

Hi,

the following vulnerability was published for python-keystoneclient.

CVE-2013-2013[0]:
OpenStack keystone password disclosure on command line

Upstream patch is at [1] and introduces the ability for the user password to
be updated via a command prompt.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2013-2013
[1] https://review.openstack.org/#/c/28702/ 

Regards,
Salvatore
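
An added illustration of the fix described in the report above (not the upstream patch and not python-keystoneclient code): a CLI that asks for the new password at a no-echo prompt when it is not supplied as an argument, so it never appears in the process list. The program name, option names and the `resolve_password` helper are hypothetical.

```python
import argparse
import getpass
import sys

MAX_ATTEMPTS = 3  # assumption: give up after a few mismatched entries


def build_parser():
    # Hypothetical CLI, loosely modelled on a password-update subcommand.
    p = argparse.ArgumentParser(prog="password-update-demo")
    p.add_argument("--user", required=True)
    # Kept only for backward compatibility: anything passed here is readable
    # by other local users through the process list (ps, /proc/<pid>/cmdline)
    # and usually ends up in shell history as well.
    p.add_argument("--pass", dest="passwd", default=None)
    return p


def resolve_password(args, prompt=getpass.getpass, interactive=None,
                     warn=sys.stderr):
    """Return the new password, preferring a no-echo prompt over argv."""
    if args.passwd is not None:
        print("warning: --pass exposes the password in the process list; "
              "omit it to be prompted instead", file=warn)
        return args.passwd
    if interactive is None:
        interactive = sys.stdin.isatty()
    if not interactive:
        # Refuse rather than silently reading a secret from a pipe.
        raise SystemExit("no --pass given and no terminal to prompt on")
    for _ in range(MAX_ATTEMPTS):
        first = prompt("New password: ")
        second = prompt("Repeat new password: ")
        if first and first == second:
            return first
        print("passwords empty or do not match, try again", file=warn)
    raise SystemExit("too many failed attempts")


if __name__ == "__main__":
    ns = build_parser().parse_args()
    pw = resolve_password(ns)
    # A real client would send pw to the identity service here.
    print(f"would update password for {ns.user} ({len(pw)} characters)")
```
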



Reply sent to Thomas Goirand <zigo@debian.org>:
You have taken responsibility. (Fri, 14 Jun 2013 21:45:19 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 14 Jun 2013 21:45:19 GMT)


Message #10 received at 709535-close@bugs.debian.org:

From: Thomas Goirand <zigo@debian.org>
To: 709535-close@bugs.debian.org
Subject: Bug#709535: fixed in python-keystoneclient 1:0.2.5-1
Date: Fri, 14 Jun 2013 21:41:41 +0000
Source: python-keystoneclient
Source-Version: 1:0.2.5-1

We believe that the bug you reported is fixed in the latest version of
python-keystoneclient, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 709535@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <zigo@debian.org> (supplier of updated python-keystoneclient package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Thu, 30 May 2013 14:06:05 +0800
Source: python-keystoneclient
Binary: python-keystoneclient
Architecture: source all
Version: 1:0.2.5-1
Distribution: unstable
Urgency: low
Maintainer: PKG OpenStack <openstack-devel@lists.alioth.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description: 
 python-keystoneclient - client library for the OpenStack Keystone API
Closes: 709535
Changes: 
 python-keystoneclient (1:0.2.5-1) unstable; urgency=low
 .
   * New upstream release (Closes: #709535).
   * Ran wrap-and-sort.
   * Added export OSLO_PACKAGE_VERSION=$(VERSION) in debian/rules.
   * Added build-depends: python-pbr.
   * Bumped Standard-Version: to 3.9.4.
   * Using canonical URLs for the VCS fields.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 13 Jul 2013 07:28:45 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:19:34 2019; Machine Name: buxtehude
